0
+ − 1
<?php
+ − 2
/*
+ − 3
Plugin Name: User control panel
36
+ − 4
Plugin URI: http://enanocms.org/
0
+ − 5
Description: Provides the page Special:Preferences.
+ − 6
Author: Dan Fuhry
85
7c68a18a27be
AJAX comments are now paginated; plugin manager can now show system plugins; typo in installer corrected; links in oxygen/stpatty/admin footers changed to "About Enano" page; 1.0.1 release candidate
Dan
diff
changeset
+ − 7
Version: 1.0.1
36
+ − 8
Author URI: http://enanocms.org/
0
+ − 9
*/
+ − 10
+ − 11
/*
+ − 12
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ − 13
* Version 1.0 release candidate 2
+ − 14
* Copyright (C) 2006-2007 Dan Fuhry
+ − 15
*
+ − 16
* This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License
+ − 17
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 18
*
+ − 19
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 20
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 21
*/
+ − 22
+ − 23
$userprefs_menu = Array();
+ − 24
$userprefs_menu_links = Array();
+ − 25
function userprefs_menu_add($section, $text, $link)
+ − 26
{
+ − 27
global $userprefs_menu;
+ − 28
if ( is_array($userprefs_menu[$section]) )
+ − 29
{
+ − 30
$userprefs_menu[$section][] = Array(
+ − 31
'text' => $text,
+ − 32
'link' => $link
+ − 33
);
+ − 34
}
+ − 35
else
+ − 36
{
+ − 37
$userprefs_menu[$section] = Array(Array(
+ − 38
'text' => $text,
+ − 39
'link' => $link
+ − 40
));
+ − 41
}
+ − 42
}
+ − 43
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 44
$plugins->attachHook('compile_template', 'userprefs_jbox_setup($button, $tb, $menubtn);');
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 45
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 46
function userprefs_jbox_setup(&$button, &$tb, &$menubtn)
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 47
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 48
global $db, $session, $paths, $template, $plugins; // Common objects
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 49
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 50
if ( $paths->namespace != 'Special' || $paths->cpage['urlname_nons'] != 'Preferences' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 51
return false;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 52
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 53
$tb .= "<ul>$template->toolbar_menu</ul>";
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 54
$template->toolbar_menu = '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 55
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 56
$button->assign_vars(array(
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 57
'TEXT' => 'list of registered members',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 58
'FLAGS' => '',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 59
'PARENTFLAGS' => '',
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 60
'HREF' => makeUrlNS('Special', 'Memberlist')
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 61
));
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 62
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 63
$tb .= $button->run();
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 64
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 65
0
+ − 66
function userprefs_menu_html()
+ − 67
{
+ − 68
global $userprefs_menu;
+ − 69
global $userprefs_menu_links;
+ − 70
+ − 71
$html = '';
+ − 72
$quot = '"';
+ − 73
+ − 74
foreach ( $userprefs_menu as $section => $buttons )
+ − 75
{
+ − 76
$html .= ( isset($userprefs_menu_links[$section]) ) ? "<a href={$quot}{$userprefs_menu_links[$section]}{$quot}>{$section}</a>\n " : "<a>{$section}</a>\n ";
+ − 77
$html .= "<ul>\n ";
+ − 78
foreach ( $buttons as $button )
+ − 79
{
+ − 80
$html .= " <li><a href={$quot}{$button['link']}{$quot}>{$button['text']}</a></li>\n ";
+ − 81
}
+ − 82
$html .= "</ul>\n ";
+ − 83
}
+ − 84
+ − 85
return $html;
+ − 86
}
+ − 87
+ − 88
function userprefs_show_menu()
+ − 89
{
+ − 90
echo '<div class="menu_nojs">
+ − 91
' . userprefs_menu_html() . '
+ − 92
<span class="menuclear"></span>
+ − 93
</div>
+ − 94
<br />
+ − 95
';
+ − 96
}
+ − 97
+ − 98
function userprefs_menu_init()
+ − 99
{
+ − 100
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 101
global $userprefs_menu_links;
+ − 102
+ − 103
userprefs_menu_add('Profile/membership', 'Edit e-mail address and password', makeUrlNS('Special', 'Preferences/EmailPassword'));
+ − 104
userprefs_menu_add('Profile/membership', 'Edit signature', makeUrlNS('Special', 'Preferences/Signature'));
+ − 105
userprefs_menu_add('Profile/membership', 'Edit public profile', makeUrlNS('Special', 'Preferences/Profile'));
+ − 106
userprefs_menu_add('Private messages', 'Inbox', makeUrlNS('Special', 'PrivateMessages/Folder/Inbox'));
+ − 107
userprefs_menu_add('Private messages', 'Outbox', makeUrlNS('Special', 'PrivateMessages/Folder/Outbox'));
+ − 108
userprefs_menu_add('Private messages', 'Sent items', makeUrlNS('Special', 'PrivateMessages/Folder/Sent'));
+ − 109
userprefs_menu_add('Private messages', 'Drafts', makeUrlNS('Special', 'PrivateMessages/Folder/Drafts'));
+ − 110
userprefs_menu_add('Private messages', 'Archive', makeUrlNS('Special', 'PrivateMessages/Folder/Archive'));
+ − 111
+ − 112
$userprefs_menu_links['Profile/membership'] = makeUrlNS('Special', 'Preferences');
+ − 113
$userprefs_menu_links['Private messages'] = makeUrlNS('Special', 'PrivateMessages');
+ − 114
+ − 115
$code = $plugins->setHook('userprefs_jbox');
+ − 116
foreach ( $code as $cmd )
+ − 117
{
+ − 118
eval($cmd);
+ − 119
}
+ − 120
}
+ − 121
+ − 122
$plugins->attachHook('session_started', 'userprefs_menu_init();');
+ − 123
+ − 124
function page_Special_Preferences()
+ − 125
{
+ − 126
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 127
+ − 128
// We need a login to continue
+ − 129
if ( !$session->user_logged_in )
+ − 130
redirect(makeUrlNS('Special', 'Login/' . $paths->page), 'Login required', 'You need to be logged in to access this page. Please wait while you are redirected to the login page.');
+ − 131
+ − 132
// User ID - later this will be specified on the URL, but hardcoded for now
+ − 133
$uid = intval($session->user_id);
+ − 134
+ − 135
// Instanciate the AES encryptor
+ − 136
$aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+ − 137
+ − 138
// Basic user info
+ − 139
$q = $db->sql_query('SELECT username, password, email, real_name, signature, theme, style FROM '.table_prefix.'users WHERE user_id='.$uid.';');
+ − 140
if ( !$q )
+ − 141
$db->_die();
+ − 142
+ − 143
$row = $db->fetchrow();
+ − 144
$db->free_result();
+ − 145
+ − 146
$section = $paths->getParam(0);
+ − 147
if ( !$section )
+ − 148
{
+ − 149
$section = 'Home';
+ − 150
}
+ − 151
+ − 152
$errors = '';
+ − 153
+ − 154
switch ( $section )
+ − 155
{
+ − 156
case 'EmailPassword':
+ − 157
// Require elevated privileges (well sortof)
+ − 158
if ( $session->auth_level < USER_LEVEL_CHPREF )
+ − 159
{
+ − 160
redirect(makeUrlNS('Special', 'Login/' . $paths->fullpage, 'level=' . USER_LEVEL_CHPREF, true), 'Authentication required', 'You need to re-authenticate to access this page.', 0);
+ − 161
}
+ − 162
+ − 163
if ( isset($_POST['submit']) )
+ − 164
{
+ − 165
$email_changed = false;
+ − 166
// First do the e-mail address
+ − 167
if ( strlen($_POST['newemail']) > 0 )
+ − 168
{
+ − 169
switch('foo') // Same reason as in the password code...
+ − 170
{
+ − 171
case 'foo':
+ − 172
if ( $_POST['newemail'] != $_POST['newemail_conf'] )
+ − 173
{
+ − 174
$errors .= '<div class="error-box">The e-mail addresses you entered did not match.</div>';
+ − 175
break;
+ − 176
}
+ − 177
}
+ − 178
$q = $db->sql_query('SELECT password FROM '.table_prefix.'users WHERE user_id='.$session->user_id.';');
+ − 179
if ( !$q )
+ − 180
$db->_die();
+ − 181
$row = $db->fetchrow();
+ − 182
$db->free_result();
+ − 183
$old_pass = $aes->decrypt($row['password'], $session->private_key, ENC_HEX);
+ − 184
+ − 185
$new_email = $_POST['newemail'];
+ − 186
+ − 187
$result = $session->update_user($session->user_id, false, $old_pass, false, $new_email);
+ − 188
if ( $result != 'success' )
+ − 189
{
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 190
$message = '<p>The following errors were encountered while saving your e-mail address:</p>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 191
$message .= '<ul><li>' . implode("</li>\n<li>", $result) . '</li></ul>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 192
die_friendly('Error updating e-mail address', $message);
0
+ − 193
}
+ − 194
$email_changed = true;
+ − 195
}
+ − 196
// Obtain password
+ − 197
if ( $_POST['use_crypt'] == 'yes' && !empty($_POST['crypt_data']) )
+ − 198
{
+ − 199
$key = $session->fetch_public_key($_POST['crypt_key']);
+ − 200
if ( !$key )
+ − 201
die('Can\'t lookup key');
+ − 202
$key = hexdecode($key);
+ − 203
$newpass = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+ − 204
// At this point we know if we _want_ to change the password...
+ − 205
+ − 206
// We can't check the password to see if it matches the confirmation
+ − 207
// because the confirmation was destroyed during the encryption. I figured
+ − 208
// this wasn't a big deal because if the encryption worked, then either
+ − 209
// the Javascript validated it or the user hacked the form. In the latter
+ − 210
// case, if he's smart enough to hack the encryption code, he's probably
+ − 211
// smart enough to remember his password.
+ − 212
+ − 213
if ( strlen($newpass) > 0 )
+ − 214
{
+ − 215
// Perform checks
+ − 216
if ( strlen($newpass) < 6 )
+ − 217
$errors .= '<div class="error-box">Password must be at least 6 characters. You hacked my script, darn you!</div>';
+ − 218
// Encrypt new password
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 219
if ( empty($errors) )
0
+ − 220
{
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 221
$newpass_enc = $aes->encrypt($newpass, $session->private_key, ENC_HEX);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 222
// Perform the swap
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 223
$q = $db->sql_query('UPDATE '.table_prefix.'users SET password=\'' . $newpass_enc . '\' WHERE user_id=' . $session->user_id . ';');
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 224
if ( !$q )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 225
$db->_die();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 226
// Log out and back in
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 227
$username = $session->username;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 228
$session->logout();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 229
if ( $email_changed )
0
+ − 230
{
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 231
if ( getConfig('account_activation') == 'user' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 232
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 233
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since e-mail activation is required on this site, you will need to re-activate your account to continue. An e-mail has been sent to the new e-mail address with an activation link. You must click that link in order to log in again.', 19);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 234
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 235
else if ( getConfig('account_activation') == 'admin' )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 236
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 237
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your password and e-mail address have been changed. Since administrative activation is requires on this site, a request has been sent to the administrators to activate your account for you. You will not be able to use your account until it is activated by an administrator.', 19);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 238
}
0
+ − 239
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 240
$session->login_without_crypto($session->username, $newpass);
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 241
redirect(makeUrlNS('Special', 'Preferences'), 'Password changed', 'Your password has been changed, and you will now be redirected back to the user control panel.', 4);
0
+ − 242
}
+ − 243
}
+ − 244
}
+ − 245
else
+ − 246
{
+ − 247
switch('foo') // allow breaking out of our section...i can't wait until PHP6 (goto support!)
+ − 248
{
+ − 249
case 'foo':
+ − 250
$pass = $_POST['newpass'];
+ − 251
if ( $pass != $_POST['newpass_conf'] )
+ − 252
{
+ − 253
$errors .= '<div class="error-box">The passwords you entered did not match</div>';
+ − 254
break;
+ − 255
}
+ − 256
+ − 257
if ( $email_changed )
+ − 258
{
+ − 259
if ( getConfig('account_activation') == 'user' )
+ − 260
{
+ − 261
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your e-mail address has been changed. Since e-mail activation is required on this site, you will need to re-activate your account to continue. An e-mail has been sent to the new e-mail address with an activation link. You must click that link in order to log in again.', 19);
+ − 262
}
+ − 263
else if ( getConfig('account_activation') == 'admin' )
+ − 264
{
+ − 265
redirect(makeUrl(getConfig('main_page')), 'Profile changed', 'Your e-mail address has been changed. Since administrative activation is requires on this site, a request has been sent to the administrators to activate your account for you. You will not be able to use your account until it is activated by an administrator.', 19);
+ − 266
}
+ − 267
else
+ − 268
{
+ − 269
redirect(makeUrlNS('Special', 'Preferences'), 'Password changed', 'Your e-mail address has been changed, and you will now be redirected back to the user control panel.', 4);
+ − 270
}
+ − 271
}
+ − 272
+ − 273
return;
+ − 274
}
+ − 275
}
+ − 276
}
+ − 277
$template->tpl_strings['PAGE_NAME'] = 'Change E-mail Address or Password';
+ − 278
break;
+ − 279
case 'Signature':
+ − 280
$template->tpl_strings['PAGE_NAME'] = 'Editing signature';
+ − 281
break;
+ − 282
case 'Profile':
+ − 283
$template->tpl_strings['PAGE_NAME'] = 'Editing public profile';
+ − 284
break;
+ − 285
}
+ − 286
+ − 287
$template->header();
+ − 288
+ − 289
// Output the menu
+ − 290
// This is not templatized because it conforms to the jBox menu standard.
+ − 291
+ − 292
userprefs_show_menu();
+ − 293
+ − 294
switch ( $section )
+ − 295
{
+ − 296
case 'Home':
+ − 297
global $email;
+ − 298
$user_page = '<a href="' . makeUrlNS('User', str_replace(' ', '_', $session->username)) . '">user page</a> <sup>(<a href="' . makeUrlNS('User', str_replace(' ', '_', $session->username)) . '#do:comments">comments</a>)</sup>';
+ − 299
$site_admin = $email->encryptEmail(getConfig('contact_email'), '', '', 'administrator');
+ − 300
echo "<h3 style='margin-top: 0;'>$session->username, welcome to your control panel</h3>";
+ − 301
echo "<p>Here you can make changes to your profile, view statistics on yourself on this site, and set your preferences.</p>
+ − 302
<p>If you have not already done so, you are encouraged to make a $user_page and tell the other members of this site a little about yourself.</p>
+ − 303
<p>Use the menu at the top to navigate around. If you have any questions, you may contact the $site_admin.";
+ − 304
break;
+ − 305
case 'EmailPassword':
+ − 306
+ − 307
echo '<form action="' . makeUrlNS('Special', 'Preferences/EmailPassword') . '" method="post" onsubmit="return runEncryption();" name="empwform" >';
+ − 308
+ − 309
// Password change form
+ − 310
$pubkey = $session->rijndael_genkey();
+ − 311
+ − 312
echo '<fieldset>
+ − 313
<legend>Change password</legend>
+ − 314
Type a new password:<br />
+ − 315
<input type="password" name="newpass" size="30" tabindex="1" />
+ − 316
<br />
+ − 317
<br />
+ − 318
Type the password again to confirm:<br />
+ − 319
<input type="password" name="newpass_conf" size="30" tabindex="2" />
+ − 320
</fieldset><br />
+ − 321
<fieldset>
+ − 322
<legend>Change e-mail address</legend>
+ − 323
New e-mail address:<br />
+ − 324
<input type="text" name="newemail" size="30" tabindex="3" />
+ − 325
<br />
+ − 326
<br />
+ − 327
Confirm e-mail address:<br />
+ − 328
<input type="text" name="newemail_conf" size="30" tabindex="4" />
+ − 329
</fieldset>
+ − 330
<input type="hidden" name="use_crypt" value="no" />
+ − 331
<input type="hidden" name="crypt_key" value="' . $pubkey . '" />
+ − 332
<input type="hidden" name="crypt_data" value="" />
+ − 333
<br />
+ − 334
<div style="text-align: right;"><input type="submit" name="submit" value="Save Changes" tabindex="5" /></div>';
+ − 335
+ − 336
echo '</form>';
+ − 337
+ − 338
// ENCRYPTION CODE
+ − 339
?>
+ − 340
<script type="text/javascript">
+ − 341
disableJSONExts();
+ − 342
str = '';
+ − 343
for(i=0;i<keySizeInBits/4;i++) str+='0';
+ − 344
var key = hexToByteArray(str);
+ − 345
var pt = hexToByteArray(str);
+ − 346
var ct = rijndaelEncrypt(pt, key, "ECB");
+ − 347
var ct = byteArrayToHex(ct);
+ − 348
switch(keySizeInBits)
+ − 349
{
+ − 350
case 128:
+ − 351
v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ − 352
break;
+ − 353
case 192:
+ − 354
v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ − 355
break;
+ − 356
case 256:
+ − 357
v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ − 358
break;
+ − 359
}
+ − 360
var aes_testpassed = ( ct == v && md5_vm_test() );
+ − 361
function runEncryption()
+ − 362
{
+ − 363
var frm = document.forms.empwform;
+ − 364
if ( frm.newpass.value.length < 1 )
+ − 365
return true;
+ − 366
if(aes_testpassed)
+ − 367
{
+ − 368
frm.use_crypt.value = 'yes';
+ − 369
var cryptkey = frm.crypt_key.value;
+ − 370
frm.crypt_key.value = hex_md5(cryptkey);
+ − 371
cryptkey = hexToByteArray(cryptkey);
+ − 372
if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ − 373
{
+ − 374
frm.submit.disabled = true;
+ − 375
len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ − 376
alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ − 377
}
+ − 378
}
+ − 379
pass1 = frm.newpass.value;
+ − 380
pass2 = frm.newpass_conf.value;
+ − 381
if ( pass1 != pass2 )
+ − 382
{
+ − 383
alert('The passwords you entered do not match.');
+ − 384
return false;
+ − 385
}
+ − 386
if ( pass1.length < 6 && pass1.length > 0 )
+ − 387
{
+ − 388
alert('The new password must be 6 characters or greater in length.');
+ − 389
return false;
+ − 390
}
+ − 391
if(aes_testpassed)
+ − 392
{
+ − 393
pass = frm.newpass.value;
+ − 394
pass = stringToByteArray(pass);
+ − 395
cryptstring = rijndaelEncrypt(pass, cryptkey, 'ECB');
+ − 396
if(!cryptstring)
+ − 397
{
+ − 398
return false;
+ − 399
}
+ − 400
cryptstring = byteArrayToHex(cryptstring);
+ − 401
frm.crypt_data.value = cryptstring;
+ − 402
frm.newpass.value = "";
+ − 403
frm.newpass_conf.value = "";
+ − 404
}
+ − 405
return true;
+ − 406
}
+ − 407
</script>
+ − 408
<?php
+ − 409
+ − 410
break;
+ − 411
case 'Signature':
+ − 412
if ( isset($_POST['new_sig']) )
+ − 413
{
+ − 414
$sig = $_POST['new_sig'];
+ − 415
$sig = RenderMan::preprocess_text($sig, true, false);
+ − 416
$sql_sig = $db->escape($sig);
+ − 417
$q = $db->sql_query('UPDATE '.table_prefix.'users SET signature=\'' . $sql_sig . '\' WHERE user_id=' . $session->user_id . ';');
+ − 418
if ( !$q )
+ − 419
$db->_die();
+ − 420
$session->signature = $sig;
+ − 421
echo '<div class="info-box" style="margin: 0 0 10px 0;">Your signature has been saved.</div>';
+ − 422
}
+ − 423
echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
74
68469a95658d
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
Dan
diff
changeset
+ − 424
echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));
0
+ − 425
echo '<input type="submit" value="Save signature" />';
+ − 426
echo '</form>';
+ − 427
break;
+ − 428
case "Profile":
+ − 429
if ( isset($_POST['submit']) )
+ − 430
{
+ − 431
$real_name = htmlspecialchars($_POST['real_name']);
+ − 432
$real_name = $db->escape($real_name);
31
+ − 433
+ − 434
$imaddr_aim = htmlspecialchars($_POST['imaddr_aim']);
+ − 435
$imaddr_aim = $db->escape($imaddr_aim);
+ − 436
+ − 437
$imaddr_msn = htmlspecialchars($_POST['imaddr_msn']);
+ − 438
$imaddr_msn = $db->escape($imaddr_msn);
+ − 439
+ − 440
$imaddr_yahoo = htmlspecialchars($_POST['imaddr_yahoo']);
+ − 441
$imaddr_yahoo = $db->escape($imaddr_yahoo);
+ − 442
+ − 443
$imaddr_xmpp = htmlspecialchars($_POST['imaddr_xmpp']);
+ − 444
$imaddr_xmpp = $db->escape($imaddr_xmpp);
+ − 445
+ − 446
$homepage = htmlspecialchars($_POST['homepage']);
+ − 447
$homepage = $db->escape($homepage);
+ − 448
+ − 449
$location = htmlspecialchars($_POST['location']);
+ − 450
$location = $db->escape($location);
+ − 451
+ − 452
$occupation = htmlspecialchars($_POST['occupation']);
+ − 453
$occupation = $db->escape($occupation);
+ − 454
+ − 455
$hobbies = htmlspecialchars($_POST['hobbies']);
+ − 456
$hobbies = $db->escape($hobbies);
+ − 457
+ − 458
$email_public = ( isset($_POST['email_public']) ) ? '1' : '0';
+ − 459
+ − 460
$session->real_name = $real_name;
+ − 461
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 462
if ( !preg_match('/@([a-z0-9-]+)(\.([a-z0-9-\.]+))?/', $imaddr_msn) && !empty($imaddr_msn) )
31
+ − 463
{
+ − 464
$imaddr_msn = "$imaddr_msn@hotmail.com";
+ − 465
}
+ − 466
+ − 467
if ( substr($homepage, 0, 7) != 'http://' )
+ − 468
{
+ − 469
$homepage = "http://$homepage";
+ − 470
}
+ − 471
+ − 472
if ( !preg_match('/^http:\/\/([a-z0-9-.]+)([A-z0-9@#\$%\&:;<>,\.\?=\+\(\)\[\]_\/\\\\]*?)$/i', $homepage) )
+ − 473
{
+ − 474
$homepage = '';
+ − 475
}
+ − 476
+ − 477
$session->user_extra['user_aim'] = $imaddr_aim;
+ − 478
$session->user_extra['user_msn'] = $imaddr_msn;
+ − 479
$session->user_extra['user_xmpp'] = $imaddr_xmpp;
+ − 480
$session->user_extra['user_yahoo'] = $imaddr_yahoo;
+ − 481
$session->user_extra['user_homepage'] = $homepage;
+ − 482
$session->user_extra['user_location'] = $location;
+ − 483
$session->user_extra['user_job'] = $occupation;
+ − 484
$session->user_extra['user_hobbies'] = $hobbies;
+ − 485
$session->user_extra['email_public'] = intval($email_public);
+ − 486
0
+ − 487
$q = $db->sql_query('UPDATE '.table_prefix."users SET real_name='$real_name' WHERE user_id=$session->user_id;");
+ − 488
if ( !$q )
+ − 489
$db->_die();
+ − 490
31
+ − 491
$q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn',
+ − 492
user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation',
+ − 493
user_hobbies='$hobbies',email_public=$email_public
+ − 494
WHERE user_id=$session->user_id;");
+ − 495
+ − 496
if ( !$q )
+ − 497
$db->_die();
+ − 498
0
+ − 499
echo '<div class="info-box" style="margin: 0 0 10px 0;">Your profile has been updated.</div>';
+ − 500
}
+ − 501
echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
+ − 502
?>
+ − 503
<div class="tblholder">
+ − 504
<table border="0" cellspacing="1" cellpadding="4">
+ − 505
<tr>
+ − 506
<th colspan="2">Your public profile</th>
+ − 507
</tr>
+ − 508
<tr>
+ − 509
<td colspan="2" class="row3">Please note that all of the information you enter here will be <b>publicly viewable.</b> All of the fields on this page are optional and may be left blank if you so desire.</td>
+ − 510
</tr>
+ − 511
<tr>
+ − 512
<td class="row2" style="width: 50%;">Real name:</td>
+ − 513
<td class="row1" style="width: 50%;"><input type="text" name="real_name" value="<?php echo $session->real_name; ?>" size="30" /></td>
+ − 514
</tr>
+ − 515
<tr>
+ − 516
<td class="row2">Change theme:</td>
+ − 517
<td class="row1">If you don't like the look of the site, need a visual break, or are just curious, we might have some different themes for you to try out! <a href="<?php echo makeUrlNS('Special', 'ChangeStyle/' . $paths->page); ?>" onclick="ajaxChangeStyle(); return false;">Change my theme...</a></td>
+ − 518
</tr>
+ − 519
<tr>
31
+ − 520
<th class="subhead" colspan="2">
+ − 521
Instant messenger contact information
+ − 522
</th>
+ − 523
<tr>
+ − 524
<td class="row2" style="width: 50%;">AIM handle:</td>
+ − 525
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_aim" value="<?php echo $session->user_extra['user_aim']; ?>" size="30" /></td>
+ − 526
</tr>
+ − 527
<tr>
+ − 528
<td class="row2" style="width: 50%;"><acronym title="Windows™ Live Messenger">WLM</acronym> handle:<br /><small>If you don't specify the domain (@whatever.com), "@hotmail.com" will be assumed.</small></td>
+ − 529
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_msn" value="<?php echo $session->user_extra['user_msn']; ?>" size="30" /></td>
+ − 530
</tr>
+ − 531
<tr>
+ − 532
<td class="row2" style="width: 50%;">Yahoo! IM handle:</td>
+ − 533
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_yahoo" value="<?php echo $session->user_extra['user_yahoo']; ?>" size="30" /></td>
+ − 534
</tr>
+ − 535
<tr>
+ − 536
<td class="row2" style="width: 50%;">Jabber/XMPP handle:</td>
+ − 537
<td class="row1" style="width: 50%;"><input type="text" name="imaddr_xmpp" value="<?php echo $session->user_extra['user_xmpp']; ?>" size="30" /></td>
+ − 538
</tr>
+ − 539
<tr>
+ − 540
<th class="subhead" colspan="2">
+ − 541
Extra contact information
+ − 542
</th>
+ − 543
</tr>
+ − 544
<tr>
+ − 545
<td class="row2" style="width: 50%;">Your homepage:<br /><small>Please remember the http:// prefix.</small></td>
+ − 546
<td class="row1" style="width: 50%;"><input type="text" name="homepage" value="<?php echo $session->user_extra['user_homepage']; ?>" size="30" /></td>
+ − 547
</tr>
+ − 548
<tr>
+ − 549
<td class="row2" style="width: 50%;">Your location:</td>
+ − 550
<td class="row1" style="width: 50%;"><input type="text" name="location" value="<?php echo $session->user_extra['user_location']; ?>" size="30" /></td>
+ − 551
</tr>
+ − 552
<tr>
+ − 553
<td class="row2" style="width: 50%;">Your job:</td>
+ − 554
<td class="row1" style="width: 50%;"><input type="text" name="occupation" value="<?php echo $session->user_extra['user_job']; ?>" size="30" /></td>
+ − 555
</tr>
+ − 556
<tr>
+ − 557
<td class="row2" style="width: 50%;">Your hobbies:</td>
+ − 558
<td class="row1" style="width: 50%;"><input type="text" name="hobbies" value="<?php echo $session->user_extra['user_hobbies']; ?>" size="30" /></td>
+ − 559
</tr>
+ − 560
<tr>
+ − 561
<td class="row2" style="width: 50%;"><label for="chk_email_public">E-mail address is public</label><br /><small>If this is checked, your e-mail address will be displayed on your user page. To protect your address from spambots, your e-mail address will be encrypted.</small></td>
+ − 562
<td class="row1" style="width: 50%;"><input type="checkbox" id="chk_email_public" name="email_public" value="<?php if ($session->user_extra['email_public'] == 1) echo 'checked="checked"'; ?>" size="30" /></td>
0
+ − 563
</tr>
+ − 564
<tr>
+ − 565
<th class="subhead" colspan="2">
+ − 566
<input type="submit" name="submit" value="Save profile" />
+ − 567
</th>
+ − 568
</tr>
+ − 569
</table>
+ − 570
</div>
+ − 571
<?php
+ − 572
echo '</form>';
+ − 573
break;
+ − 574
default:
+ − 575
$good = false;
+ − 576
$code = $plugins->setHook('userprefs_body');
+ − 577
foreach ( $code as $cmd )
+ − 578
{
+ − 579
if ( eval($code) )
+ − 580
$good = true;
+ − 581
}
+ − 582
if ( !$good )
+ − 583
{
+ − 584
echo '<h3>Invalid module</h3>
+ − 585
<p>Userprefs module "'.$section.'" not found.</p>';
+ − 586
}
+ − 587
break;
+ − 588
}
+ − 589
+ − 590
$template->footer();
+ − 591
}
+ − 592
+ − 593
?>